SSAE18 or SOC 2 – What Provides Value

Jon Waldman

Jon Waldman is a co-founder and Senior Information Security Consultant for SBS CyberSecurity, LLC, a premier cybersecurity consulting and audit firm dedicated to making a positive impact on the banking and financial services industry. He maintains his CISA and CRISC certifications and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance with an emphasis in Banking and Finance Security from Dakota State University.

Over the last ten years Jon has helped hundreds of financial institutions across the country create and implement comprehensive, valuable, and manageable Information Security Programs. He also conducts webinars and certification programs for the SBS Institute.


Each of our regulators says this in a similar way: we must understand the security controls of a third party “to the same extent” as we understand our own internal controls. This is challenging, as some of our vendors share few details about controls. Our industry currently relies heavily on the new SSAE18 Audit Report and the Service Organization Control (SOC) 2 reports provided by vendors. What are the differences between these two reports, and which should we be requesting? And once we obtain them, how do we understand the security controls to the “same extent” as our own?

We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors. Each of these reports serves a different purpose and will provide different value to your institution. In addition to what reports to ask for, we will explore them in detail to highlight what to look for and how to fill in the gaps, to ensure you understand security to the “same extent”.

Covered Topics:

Third Party Management best practices

Updated Regulatory Expectations

SSAE16 vs SSAE18 standard changes

SOC1, SOC2, SOC3 Audits

SOC Reports Type 1 and Type 2

Detailed due diligence and contract questions

Who Should Attend?
